Impact
The NeMo Framework for Linux contains a deserialization flaw that allows untrusted data to be processed, which can enable an attacker to run arbitrary code, elevate privileges, alter data, or leak sensitive information. The weakness is classified as CWE‑502 – deserialization of untrusted data.
Affected Systems
NVIDIA NeMo Framework for Linux is the affected product. No specific version information is provided in the CNA data, so any installation of the framework should be considered potentially vulnerable until a patch is applied.
Risk and Exploitability
The CVSS score of 7.8 indicates high severity, while the EPSS score of less than 1% suggests a low current exploitation probability. The vulnerability is not listed in the CISA KEV catalog. The likely attack vector is remote, leveraging the framework’s ability to receive serialized data from external sources; an attacker could send a crafted payload that triggers the flaw and achieves code execution.
OpenCVE Enrichment